Hi,
Thanks, it works fine. Perfectly.
Thanks for your help.
You should only pass clear text passwords to the directory server. e.g.
in your LDIF:
userPassword: thecleartextpassword
and let the directory server do the hashing for you. Using pre-hashed
passwords defeats password checking. If you do not want to pass these
over an unencrypted channel, then set up TLS/SSL first.
If you feel you must generate pre-hashed passwords (strongly
discouraged) please use the pwdhash command line tool provided with 389
On Sun, Aug 5, 2012 at 7:24 PM, Fosiul Alam<fosiul(a)gmail.com> wrote:
> Hi, thanks for the script.
>
> One thing I am still confused about is:
> suppose I want to give the password "test123" as the default password at the time
> of user creation,
> how will I create this password and put it in
>
> userPassword: ???
>
>
>
> On Sun, Aug 5, 2012 at 6:29 PM, Grzegorz Dwornicki<gd1100(a)gmail.com> wrote:
>> Here it is. I was using it to change passwords on openldap + samba using
>> ldap. Samba has its own password attribute. This script takes a password from
>> the user, encrypts it with crypt and calls smbpasswd to set the password as well.
>>
>> $ cat sambaldapnewpass
>> #!/bin/bash
>>
>> #ask user for password:
>>
>> BASEDN="dc=org1,dc=county"
>> USERDN="dc=domain1"
>> BASEDIR=/home/lol87
>>
>> #login LDAP format: uid=$LOGIN,$USERDN,$BASEDN
>>
>> if [ -z "$1" ];
>> then
>> echo "Login"
>> read LOGIN
>> else
>> LOGIN=$1
>> fi
>>
>> stty -echo
>>
>> PASS=s
>> PASS2=w
>>
>> while [ "$PASS" != "$PASS2" ];
>> do
>> echo "new password:"
>> read -r PASS
>> echo "repeat new password:"
>> read -r PASS2
>> done
>>
>> stty echo
>>
>> # create the temp file owner-only from the start, not after the password is written
>> ( umask 077; echo "$PASS" > "$BASEDIR/${LOGIN}.tmp" )
>> chmod 400 "$BASEDIR/${LOGIN}.tmp"
>>
>> #generate new password for LDAP:
>>
>> LDAPPASS=$(slappasswd -n -h '{crypt}' -c '$6$%.27s' -T "$BASEDIR/${LOGIN}.tmp" -n)
>> echo "$LDAPPASS"
>> rm "$BASEDIR/${LOGIN}.tmp"
>>
>> cat "$BASEDIR/passchange.ldif" | sed ' s/LDAPLOGIN/'"$LOGIN"'/ ' | sed ' s/BASEDN/'"$BASEDN"'/ ' | sed ' s/USERDN/'"$USERDN"'/ ' > "$BASEDIR/passchange_tmp.ldif"
>> echo "userPassword: $LDAPPASS" >> "$BASEDIR/passchange_tmp.ldif"
>> ldapmodify -x -D "cn=admin,dc=domain1,dc=org1,dc=county" -w some_password < "$BASEDIR/passchange_tmp.ldif"
>>
>> #rm $BASEDIR/passchange_tmp.ldif
>>
>> and now:
>> $ cat passchange.ldif
>> dn: uid=LDAPLOGIN,USERDN,BASEDN
>> changetype: modify
>> replace: userPassword
>>
>> You may need to change:
>>
>> slappasswd -n -h '{crypt}' -c '$6$%.27s' -T $BASEDIR/${LOGIN}.tmp -n
>>
>> The parameter of the -c option defines the salt. In my experience I saw many Linux
>> distros having different salts. The part "$6$" is required (look in the man page of
>> the crypt function) and "%.27s" means to generate 27 chars for the salt. You may
>> find more details in the man page of slappasswd. Option -h tells slappasswd to use
>> the format provided as its parameter, in this case crypt.
>>
>> I did not use it for some time, so please treat this as a template for your
>> script. I hope this will help you.
>>
>> Greg.
>>
>>
>> 2012/8/5 Fosiul Alam<fosiul(a)gmail.com>
>>> Hi, thanks.
>>> I can't use the GUI, as the script should take care of everything.
>>> I think it would be sha1.
>>> I will try to find a solution; if I can't, please post your script here.
>>>
>>> it would be really helpful
>>> thanks
>>>
>>>
>>> On Sun, Aug 5, 2012 at 3:49 PM, Grzegorz Dwornicki<gd1100(a)gmail.com>
>>> wrote:
>>>> You can use the GUI. Just edit the user account and type the new password.
>>>> Directory server should encrypt it before updating the entry in the database.
>>>>
>>>> If you use slappasswd without any parameters it will ask for a password
>>>> and generate a sha1 hash for you. To use crypt you need to set the format to
>>>> crypt, and set a proper salt.
>>>>
>>>> I should have an example script using slappasswd on my PC; I wrote it some
>>>> time ago. I can't post it now because at the moment I'm on the bus. If no one
>>>> posts an example of using slappasswd then I will later. Unless you
>>>> find a solution first.
>>>>
>>>> Greg.
>>>>
>>>> Send from htc desire z
>>>>
>>>> 05-08-2012 15:34, "Fosiul Alam"<fosiul(a)gmail.com> wrote:
>>>>
>>>>> Hi
>>>>> Thanks for the reply.
>>>>> I am using Directory Server 389
>>>>>
>>>>> and I am using a script to create the LDIF file.
>>>>>
>>>>> So somehow I will have to create the userPassword.
>>>>>
>>>>> But I don't understand what the way to do that is.
>>>>> From the GUI interface I can create a password easily,
>>>>> so what's the syntax to create userPassword?
>>>>>
>>>>> Regards
>>>>>
>>>>>
>>>>> On Sun, Aug 5, 2012 at 2:25 PM, Christopher Wood
>>>>> <christopher_wood(a)pobox.com> wrote:
>>>>>> Perhaps use slappasswd?
>>>>>>
>>>>>> On Sun, Aug 05, 2012 at 01:58:33PM +0100, Fosiul Alam wrote:
>>>>>>> Hi
>>>>>>> I am generating the LDIF by script,
>>>>>>> but I can't understand how I will generate the userPassword.
>>>>>>>
>>>>>>> userPassword: {crypt}x
>>>>>>>
>>>>>>> How does this crypt or hash work?
>>>>>>>
>>>>>>> Please shed some light on this.
>>>>>>>
>>>>>>>
>>>>>>> Regards
>>>>>>> --
>>>>>>> 389 users mailing list
>>>>>>> 389-users(a)lists.fedoraproject.org
>>>>>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>>>>
>>>>>
>>>>> --
>>>>> Regards
>>>>> Fosiul Alam
>>>>> 07877100621
>>>>> http://www.fosiul.co.uk
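
As an added example (not part of the original thread), here is one way a script can follow the advice in the top reply: write the clear-text password into the LDIF, base64-encoding it when LDIF syntax requires that, and refuse values that look pre-hashed. The function names, the sample DN and the host name are hypothetical, and the OpenLDAP client tools are assumed.

```shell
#!/bin/sh
# Added example: emit an LDIF "modify" record that sets a clear-text
# userPassword, leaving the hashing to the directory server.

NL='
'

# RFC 2849: a value must be base64-encoded ("attr:: ...") if it starts with
# space, ':' or '<', ends with a space, or holds CR/LF or non-ASCII bytes.
needs_base64() {
    case $1 in
        ' '*|:*|'<'*|*' '|*"$NL"*) return 0 ;;
    esac
    printf '%s' "$1" | LC_ALL=C grep -q '[^ -~]'
}

# Values shaped like "{SCHEME}hash" are pre-hashed; refuse them so the
# server's password checking still sees the real password.
looks_prehashed() {
    case $1 in
        '{'*'}'?*) return 0 ;;
    esac
    return 1
}

# password_ldif DN PASSWORD -> LDIF on stdout, non-zero exit on bad input.
# Assumption: the DN itself is plain ASCII and needs no encoding.
password_ldif() {
    dn=$1 pw=$2
    [ -n "$pw" ] || { echo "empty password" >&2; return 1; }
    if looks_prehashed "$pw"; then
        echo "refusing pre-hashed value" >&2; return 1
    fi
    printf 'dn: %s\nchangetype: modify\nreplace: userPassword\n' "$dn"
    if needs_base64 "$pw"; then
        printf 'userPassword:: %s\n' "$(printf '%s' "$pw" | base64 | tr -d '\n')"
    else
        printf 'userPassword: %s\n' "$pw"
    fi
}

# Constructed sample DN and host; send the result over StartTLS (-ZZ) and
# prompt for the bind password (-W) instead of putting it on the command line:
#   password_ldif "uid=jdoe,ou=People,dc=example,dc=com" 'test123' |
#       ldapmodify -H ldap://ldap.example.com -ZZ -D "cn=Directory Manager" -W
```
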